Login:  Password:    
forgot my password
sign up!
Search: 

How to avoid temporary login session using .Net

In this tutorial, we will learn how to avoid temporary log in session making use of Dot Net.

0 0

The tutorial aims to describe the process to avoid temporary log in session or in other words how to create a permanent user login session and you can use this technique in any type of DOT NET project.

Forms Authentication

Before getting into the depth of this article, you must be familiar with forms authentication in DOT NET. The configuration of form authentication resides in web.config file which has the following configuration-file fragment with the assigned values.

Listing 1: Forms Authentication

<authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" 
             protection="All"
             timeout="1"
             name=".USERLOGINCONTROLAUTH"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="~/Home/Index"
             cookieless="UseDeviceProfile"
             enableCrossAppRedirects="false"/></authentication>

The default values are described below:

  • loginUrl points to your application's custom logon page. You should place the logon page in a folder that requires Secure Sockets Layer (SSL). This helps ensure the integrity of the credentials when they are passed from the browser to the Web server.
  • protection is set to All to specify privacy and integrity for the forms authentication ticket. This causes the authentication ticket to be encrypted using the algorithm specified on the machineKey element, and to be signed using the hashing algorithm that is also specified on the machineKey element.
  • timeout is used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie.
  • name and path are set to the values defined in the application's configuration file.
  • requireSSL is set to false. This configuration means that authentication cookies can be transmitted over channels that are not SSL-encrypted. If you are concerned about session hijacking, you should consider setting requireSSL to true.
  • slidingExpiration is set to true to enforce a sliding session lifetime. This means that the session timeout is periodically reset as long as a user stays active on the site.
  • defaultUrl is set to the Default.aspx page for the application.
  • cookieless is set to UseDeviceProfile to specify that the application use cookies for all browsers that support cookies. If a browser that does not support cookies accesses the site, then forms authentication packages the authentication ticket on the URL.
  • enableCrossAppRedirects is set to false to indicate that forms authentication does not support automatic processing of tickets that are passed between applications on the query string or as part of a formPOST.

FormsAuthentication.SetAuthCookie Method

This method creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication. The first overload of this function has two parameters:

  • userName: The name of the authenticated user
  • createPersisntentCookie: True to create a persistent cookie (one that is saved across browser sessions); otherwise, false.

This method add a cookie or persistent cookie to the browser with an expire time set in "timeOut" parameter with the name and path set in "name" and "path" parameter. The user will be automatically logged out once the cookie is expired. So the user login session depends on the expire of forms authentication ticket saved in browser cookie. Here, we will create a permanent user login session using this technique.

Cookie Helper

The functionality of this class is to add a form authentication ticket to the browser cookie collection with a life time expiry.

Listing 2: Illustrates Cookie helper

public sealed class CookieHelper
{
    private HttpRequestBase _request;
    private HttpResponseBase _response;

    public CookieHelper(HttpRequestBase request, 
	HttpResponseBase response)
	{
		_request = request;
		_response = response;
	}

    //[DebuggerStepThrough()]
    public void SetLoginCookie(string userName,string password,bool isPermanentCookie)
    {
        if (_response != null)
        {
            if (isPermanentCookie)
            {
                FormsAuthenticationTicket userAuthTicket = 
                	new FormsAuthenticationTicket(1, userName, DateTime.Now, 
                	DateTime.MaxValue, true, password, FormsAuthentication.FormsCookiePath);

                string encUserAuthTicket = FormsAuthentication.Encrypt(userAuthTicket);
                HttpCookie userAuthCookie = new HttpCookie

                	(FormsAuthentication.FormsCookieName, encUserAuthTicket);
                if (userAuthTicket.IsPersistent) userAuthCookie.Expires = 
						userAuthTicket.Expiration;

                userAuthCookie.Path = FormsAuthentication.FormsCookiePath;
                _response.Cookies.Add(userAuthCookie);
            }
            else
            {
                FormsAuthentication.SetAuthCookie(userName, isPermanentCookie);
            }
        }
    }
}

This function is used in login page or control on the click of login button. In the attached sample project, the following function is written in AccountController class. This function validates the login of the user and then adds a permanent form authentication ticket to the browser.

Listing 3: Validates the login of the user

  Private bool Login(string username, string password,bool rememberMe)
{
    if (Membership.ValidateUser(userName, password))
    {
        CookieHelper newCookieHelper = 
		new CookieHelper(HttpContext.Request,HttpContext.Response);
        newCookieHelper.SetLoginCookie(userName, password, rememberMe);
        return true;
    }
    else
    {
        return false;
    }
}

Conclusion

Making use of the above technique will help you to develop a functionality that will avoid users to log out after a particular period of time from the web page. This is required more often than to make the users log in again and again which can really lead to some frustration. See you next time.


Varun Arora
I am a software developer from India with hands on experience on java, html for over 5 years.
2 comments have been posted.   Add your comment
[Fechar]

Este post é fechado - você precisa ter acesso ao post para incluir um comentário.

mohannad khaled maglad
awesome dude thanks a lot
[+1 month ago]    Answer it
 
Mr.Bool Editor
Thanks for your comment. Please give us articles suggestions on our facebook page
[+1 month ago]   Answer it
 
Help us to improve! Give us your feedback:

Give your note to this post: 1 2 3 4 5 6 7 8 9 10
Is this post helpful? Yes No



[Close]
To have full access to this post (or download the associated files) you must have MrBool Credits.

  See the prices for this post in Mr.Bool Credits System below:

Individually – in this case the price for this post is US$ 0,00 (Buy it now)
in this case you will buy only this video by paying the full price with no discount.

Package of 10 credits - in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download few videos. In this plan you will receive a discount of 50% in each video. Subscribe for this package!

Package of 50 credits – in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download several videos. In this plan you will receive a discount of 83% in each video. Subscribe for this package!


> More info about MrBool Credits








mrbool.com
contact us   |   publish your post   |   buy credits
Copyright 2013 - all rights reserved to www.web-03.net